CVE-2024-47xxx

There are 806 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2024-47000 Service Users Deactivation not Working in Zitadel
S
CVE-2024-47001 Hidden functionality issue in multiple digital video recorders provided by TAKENAKA ENGINEERING CO.,...
CVE-2024-47002 A html code injection vulnerability exists in the vlan management part of Observium CE 24.4.13528. A...
CVE-2024-47003 DoS via non-string message using permalink embed
S
CVE-2024-47005 Sharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by adm...
CVE-2024-47006 Uncontrolled search path for the Intel(R) RealSense D400 Series Universal Windows Platform (UWP) Dri...
CVE-2024-47007 A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows...
CVE-2024-47008 Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated...
CVE-2024-47009 Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to ...
CVE-2024-47010 Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to ...
CVE-2024-47011 Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to ...
CVE-2024-47012 In mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c, there is a possible out of bounds write due t...
CVE-2024-47013 In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible arbitrary write due to uninit...
CVE-2024-47014 Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, ...
CVE-2024-47015 In ProtocolMiscHwConfigChangeAdapter::GetData() of protocolmiscadapter.cpp, there is a possible out-...
CVE-2024-47016 there is a possible privilege escalation due to an insecure default value. This could lead to local ...
CVE-2024-47017 In ufshc_scsi_cmd of ufs.c, there is a possible stack variable use after free due to a use after fre...
CVE-2024-47018 In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible out of bounds read due to a b...
CVE-2024-47019 In ProtocolEmbmsSaiListAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bound...
CVE-2024-47020 Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component...
CVE-2024-47021 In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a possible out of bounds read due to a mis...
CVE-2024-47022 Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM componen...
CVE-2024-47023 there is a possible man-in-the-middle attack due to a logic error in the code. This could lead to re...
CVE-2024-47024 In vring_size of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds wr...
CVE-2024-47025 In ppmp_protect_buf of drm_fw.c, there is a possible information disclosure due to a logic error in ...
CVE-2024-47026 In gsc_gsa_rescue of gsc_gsa.c, there is a possible out of bounds read due to an incorrect bounds ch...
CVE-2024-47027 In sm_mem_compat_get_vmm_obj of lib/sm/shared_mem.c, there is a possible arbitrary physical memory a...
CVE-2024-47028 In ffu_flash_pack of ffu.c, there is a possible out of bounds read due to an integer overflow. This ...
CVE-2024-47029 In TrustySharedMemoryManager::GetSharedMemory of ondevice/trusty/trusty_shared_memory_manager.cc, th...
CVE-2024-47030 Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM componen...
CVE-2024-47031 Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, ...
CVE-2024-47032 In construct_transaction_from_cmd of lwis_ioctl.c, there is a possible out of bounds write due to a ...
CVE-2024-47033 In lwis_allocator_free of lwis_allocator.c, there is a possible memory corruption due to a use after...
CVE-2024-47034 there is a possible out of bounds read due to a missing bounds check. This could lead to local infor...
CVE-2024-47035 In vring_init of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds wr...
CVE-2024-47038 In dhd_prot_flowrings_pool_release of dhd_msgbuf.c, there is a possible out of bounds write due to a...
CVE-2024-47039 OOB Read in the android.hardware.boot.IBootControl/default service
CVE-2024-47040 Use After Free in the android.hardware.radio.sap.ISap/slot2 service
CVE-2024-47041 In valid_address of syscall.c, there is a possible out of bounds read due to an incorrect bounds che...
CVE-2024-47043 Ruijie Reyee OS Insecure Storage of Sensitive Information
S
CVE-2024-47044 Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATI...
CVE-2024-47045 Privilege chaining issue exists in the installer of e-Tax software(common program). If this vulnerab...
CVE-2024-47046 A vulnerability has been identified in Simcenter Femap V2306 (All versions), Simcenter Femap V2401 (...
CVE-2024-47047 An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate th...
CVE-2024-47048 Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier allows stored XSS in the descri...
S
CVE-2024-47049 The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP Composer) does not p...
CVE-2024-47050 XSS in contact/company tracking (no authentication)
S
CVE-2024-47051 Remote Code Execution & File Deletion in Asset Uploads
CVE-2024-47053 Improper Authorization in Reporting API
M
CVE-2024-47055 Segment cloning doesn't have a proper permission check
CVE-2024-47056 Mautic does not shield .env files from web traffic
CVE-2024-47057 User name enumeration possible due to response time difference on password reset form
CVE-2024-47058 Cross-site Scripting (XSS) - stored (edit form HTML field)
S
CVE-2024-47059 Users enumeration - weak password login
S
CVE-2024-47060 Unauthorized Access After Organization or Project Deactivation in Zitadel
S
CVE-2024-47061 Arbitrary DOM attributes in element.attributes and leaf.attributes in Platejs
CVE-2024-47062 Multiple SQL Injections and ORM Leak in navidrome
CVE-2024-47063 Computer Vision Annotation Tool (CVAT) contains a stored XSS via the quality report data endpoint
S
CVE-2024-47064 Computer Vision Annotation Tool (CVAT) contains a reflected XSS via request endpoints
S
CVE-2024-47066 Lobe Chat has insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964)
E S
CVE-2024-47067 Alist Contains a Reflected Cross-Site Scripting Vulnerability
E S
CVE-2024-47068 DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS
E S
CVE-2024-47069 Oveleon Cookiebar reflected Cross-site Scripting vulnerability
E S
CVE-2024-47070 authentik vulnerable to password authentication bypass via X-Forwarded-For HTTP header
CVE-2024-47071 OSS Endpoint Manager allows unauthorized access to read system files
CVE-2024-47072 XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream
CVE-2024-47073 Dataease arbitrary interface access vulnerability
E
CVE-2024-47074 Dataease PostgreSQL Data Source JDBC Connection Parameters Not Verified Leads to Deserialization Vulnerability
S
CVE-2024-47075 DOM Clobbering gadgets found in layui that lead to Cross-site Scripting
CVE-2024-47076 libcupsfilters's cfGetPrinterAttributes5 does not validate IPP attributes returned from an IPP server
CVE-2024-47077 authentik cross-provider token validation problems
CVE-2024-47078 Meshtastic firmware Authentication/Authorization Bypass via MQTT
CVE-2024-47079 Unauthorized usage of remote hardware module because of missing channel verification
CVE-2024-47080 matrix-js-sdk keys sent via `sendSharedHistoryKeys` vulnerable to interception by malicious homeserver
CVE-2024-47082 Strawberry GraphQL Cross-Site Request Forgery (CSRF) vulnerability
S
CVE-2024-47083 Power Platform Terraform Provider has Improper Masking of Secrets in Logs
M
CVE-2024-47084 CORS origin validation is not performed when the request has a cookie in Gradio
M
CVE-2024-47085 Parameter Manipulation Vulnerability
S
CVE-2024-47086 OTP Bypass Vulnerability
S
CVE-2024-47087 Information Disclosure Vulnerability
S
CVE-2024-47088 User Enumeration vulnerability
S
CVE-2024-47089 Unauthorized Transaction Manipulation Vulnerability
S
CVE-2024-47090 XSS via WYSIWYG editor
CVE-2024-47092 Insecure deserialization and improper certificate validation in Checkmk Exchange plugin check-mk-api
S
CVE-2024-47093 Fix various XSS issues and potential RCE
CVE-2024-47094 Logging of sitesecret to automations log
CVE-2024-47095 Reflected Cross-Site Scripting in Follet School Solutions Destiny
CVE-2024-47100 A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0), SIM...
CVE-2024-47102 IBM AIX denial of service
CVE-2024-47103 IBM Sterling B2B Integrator cross-site scripting
CVE-2024-47104 IBM i incorrect privilege assignment
CVE-2024-47106 IBM Jazz for Service Management information disclosure
CVE-2024-47107 IBM QRadar SIEM cross-site scripting
CVE-2024-47109 IBM Sterling File Gateway information disclosure
CVE-2024-47113 IBM ICP - Voice Gateway XML injection
CVE-2024-47115 IBM AIX command execution
CVE-2024-47116 IBM Sterling B2B Integrator cross-site scripting
CVE-2024-47117 IBM Carbon Design System cross-site scripting
CVE-2024-47119 IBM Storage Defender - Resiliency Service improper certificate validation
CVE-2024-47121 Weak Passwords Requirements in goTenna Pro
S
CVE-2024-47122 Insecure Storage of Sensitive Information in goTenna Pro
S
CVE-2024-47123 Missing Support for Integrity Check in goTenna Pro
S
CVE-2024-47124 Cleartext Transmission of Sensitive Information in goTenna Pro
S
CVE-2024-47125 Improper Restriction of Communication Channel to Intended Endpoints in goTenna Pro
S
CVE-2024-47126 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in goTenna Pro
S
CVE-2024-47127 Weak Authentication in goTenna Pro
S
CVE-2024-47128 Insertion of Sensitive Information Into Sent Data in goTenna Pro
S
CVE-2024-47129 Observable Response Discrepancy in goTenna Pro
S
CVE-2024-47130 Missing Authentication for Critical Function in goTenna Pro
S
CVE-2024-47131 Delta Electronics DIAScreen Stack-based Buffer Overflow
S
CVE-2024-47133 UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier allow a remote au...
CVE-2024-47134 Out-of-bounds write vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC P...
CVE-2024-47135 Stack-based buffer overflow vulnerability exists in Kostac PLC Programming Software (Former name: Ko...
CVE-2024-47136 Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Pr...
CVE-2024-47137 Liteos_a has an out-of-bounds Write vulnerability
CVE-2024-47138 mySCADA myPRO Missing Authentication for Critical Function
S
CVE-2024-47139 F5 BIG-IQ Vulnerability
CVE-2024-47140 A cross-site scripting (xss) vulnerability exists in the add_alert_check page of Observium CE 24.4.1...
CVE-2024-47141 pinmux: Use sequential access to access desc->pinmux data
S
CVE-2024-47142 AIPHONE IXG SYSTEM IXG-2C7 firmware Ver.2.03 and earlier and IXG-2C7-L firmware Ver.2.03 and earlier...
CVE-2024-47143 dma-debug: fix a possible deadlock on radix_lock
S
CVE-2024-47145 Unauthorized access on archived channels via file links
S
CVE-2024-47146 Ruijie Reyee OS Resource Leak
S
CVE-2024-47148 Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploit...
CVE-2024-47149 Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploit...
CVE-2024-47150 Some Honor products are affected by information leak vulnerability, successful exploitation could ca...
CVE-2024-47151 Some Honor products are affected by file writing vulnerability, successful exploitation could cause ...
CVE-2024-47153 Some Honor products are affected by information leak vulnerability, successful exploitation could ca...
CVE-2024-47154 Some Honor products are affected by information leak vulnerability, successful exploitation could ca...
CVE-2024-47155 Some Honor products are affected by information leak vulnerability, successful exploitation could ca...
CVE-2024-47156 Information Leak Vulnerability in Honor Product
CVE-2024-47157 Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploit...
CVE-2024-47158 N-LINE 2.0.6 and prior versions contain a code injection vulnerability. If this vulnerability is exp...
CVE-2024-47159 In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflo...
CVE-2024-47160 In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permi...
CVE-2024-47161 In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API...
CVE-2024-47162 In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page...
CVE-2024-47164 The `is_in_or_equal` function may be bypassed in Gradio
CVE-2024-47165 CORS origin validation accepts the null origin in Gradio
CVE-2024-47166 One-level read path traversal in `/custom_component` in Gradio
CVE-2024-47167 SSRF in the path parameter of /queue/join in Gradio
CVE-2024-47168 The `enable_monitoring` flag set to `False` does not disable monitoring in Gradio
CVE-2024-47169 Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal
CVE-2024-47170 Agnai File Disclosure Vulnerability: JSON via Path Traversal
CVE-2024-47171 Agnai vulnerable to Relative Path Traversal in Image Upload
S
CVE-2024-47172 Computer Vision Annotation Tool (CVAT) access control is broken in several PATCH endpoints
S
CVE-2024-47173 Aimeos GraphQL API admin interface denial of service vulnerability in SaaS and marketplace setups
CVE-2024-47174 Credential leak when credentials are used with ``
CVE-2024-47175 libppd's ppdCreatePPDFromIPP2 function does not sanitize IPP attributes when creating the PPD buffer
CVE-2024-47176 cups-browsed binds to `INADDR_ANY:631`, trusting any packet from any source
CVE-2024-47177 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-47076, CVE-2024...
R
CVE-2024-47178 basic-auth-connect's callback uses time unsafe string comparison
E S
CVE-2024-47179 RSSHub's `docker-test-cont.yml` workflow is vulnerable to Artifact Poisoning which may lead to a full repository takeover.
CVE-2024-47180 Shields.io Remote Code Execution vulnerability in Dynamic JSON/TOML/YAML badges
CVE-2024-47181 Unaligned memory access in RPL option processing in Contiki-NG
S
CVE-2024-47182 Dozzle uses unsafe hash for passwords
S
CVE-2024-47183 Parse Server's custom object ID allows to acquire role privileges
S
CVE-2024-47184 Ampache vulnerable to Stored XSS via Democratic Playlist Name
E S
CVE-2024-47186 Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting
S
CVE-2024-47187 Suricata datasets: missing hashtable random seed leads to potential DoS
CVE-2024-47188 Suricata http/byte-ranges: missing hashtable random seed leads to potential DoS
CVE-2024-47189 The API Interface of the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through...
CVE-2024-47190 Northern.tech Hosted Mender before 2024.07.11 allows SSRF....
CVE-2024-47191 pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation beca...
CVE-2024-47193 WithSecure Elements Agent for Mac before 24.3, MDR before 24.3, and Elements Client Security for Mac...
CVE-2024-47194 A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V20...
CVE-2024-47195 A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V20...
CVE-2024-47196 A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V20...
CVE-2024-47197 Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials
CVE-2024-47208 Apache OFBiz: URLs allowing remote use of Groovy expressions, leading to RCE
S
CVE-2024-47210 Gladys Assistant before 4.45.1 allows Privilege Escalation (a user changing their own role) because ...
CVE-2024-47211 In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25....
CVE-2024-47212 An issue was discovered in Iglu Server 0.13.0 and below. It involves sending very large payloads to ...
CVE-2024-47213 An issue was discovered affecting Enrich 5.1.0 and below. It involves sending a maliciously crafted ...
CVE-2024-47214 An issue was discovered in Iglu Server 0.13.0 and below. It is similar to CVE-2024-47212, but involv...
CVE-2024-47215 An issue was discovered in Snowbridge setups sending data to Google Tag Manager Server Side. It invo...
S
CVE-2024-47217 An issue was discovered in Iglu Server 0.13.0 and below. It is similar to CVE-2024-47214, but involv...
CVE-2024-47218 An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows bypassing authentication....
S
CVE-2024-47219 An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection....
S
CVE-2024-47220 An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggl...
CVE-2024-47221 CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA through 5.8.4 allows an empty password....
S
CVE-2024-47222 New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation o...
CVE-2024-47223 A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9...
CVE-2024-47224 A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9...
CVE-2024-47226 A stored cross-site scripting (XSS) vulnerability exists in NetBox 4.1.0 within the "Configuration H...
CVE-2024-47227 iRedAdmin before 2.6 allows XSS, e.g., via order_name....
S
CVE-2024-47238 Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally devel...
CVE-2024-47239 Dell PowerScale OneFS versions 8.2.2.x through 9.9.0.0 contain an uncontrolled resource consumption ...
CVE-2024-47240 Dell Secure Connect Gateway (SCG) 5.24 contains an Incorrect Default Permissions vulnerability. A lo...
CVE-2024-47241 Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains an Improper Certifi...
CVE-2024-47248 Apache NimBLE: Buffer overflow in NimBLE MESH Bluetooth stack
S
CVE-2024-47249 Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in multiple advertisement handler
S
CVE-2024-47250 Apache NimBLE: Lack of input validation in HCI advertising report could lead to potential out-of-bound access
S
CVE-2024-47253 In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an att...
CVE-2024-47254 In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient Verification of Data Authenticit...
CVE-2024-47255 In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges in...
CVE-2024-47256 Successful exploitation of this vulnerability could allow an attacker (who needs to have Admin acces...
CVE-2024-47257 Florent Thiéry has found that selected Axis devices were vulnerable to handling certain ethernet fra...
CVE-2024-47258 2N Access Commander version 2.1 and prior is vulnerable in default settings to Man In The Middle att...
CVE-2024-47259 Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay...
CVE-2024-47260 51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did no...
CVE-2024-47261 51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage...
CVE-2024-47262 Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi...
CVE-2024-47264 Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in agen...
CVE-2024-47265 Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in encr...
CVE-2024-47266 Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in shar...
CVE-2024-47290 Input validation vulnerability in the USB service module Impact: Successful exploitation of this vul...
CVE-2024-47291 Permission vulnerability in the ActivityManagerService (AMS) module Impact: Successful exploitation ...
CVE-2024-47292 Path traversal vulnerability in the Bluetooth module Impact: Successful exploitation of this vulnera...
CVE-2024-47293 Out-of-bounds write vulnerability in the HAL-WIFI module Impact: Successful exploitation of this vul...
CVE-2024-47294 Access permission verification vulnerability in the input method framework module Impact: Successful...
CVE-2024-47295 Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthentica...
CVE-2024-47297 WordPress Polls CP plugin <= 1.0.74 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47298 WordPress Bold Page Builder plugin <= 5.1.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47299 WordPress Website Builder by SeedProd <= 6.17.4 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47300 WordPress CubeWP Forms plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47301 WordPress Bit Form plugin <= 2.13.10 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47302 WordPress Fluent Support plugin <= 1.8.0 - Broken Access Control on Email Verification vulnerability
S
CVE-2024-47303 WordPress Elementor Addons by Livemesh plugin <= 8.5 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47304 WordPress Fluent Support plugin <= 1.8.0 - SQL Injection vulnerability
S
CVE-2024-47305 WordPress Use Any Font plugin <= 6.3.08 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-47306 WordPress Secure Copy Content Protection and Content Locking plugin <= 4.2.3 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47307 WordPress Meta Slider and Carousel with Lightbox plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47308 WordPress Templately plugin <= 3.1.2 - Broken Access Control vulnerability
S
CVE-2024-47309 WordPress Cities Shipping Zones for WooCommerce plugin <= 1.2.7 - Local File Inclusion vulnerability
S
CVE-2024-47310 WordPress ARI Fancy Lightbox - Popup for WordPress plugin <= 1.3.17 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47311 WordPress Wheel of Life plugin <= 1.1.8 - Broken Access Control vulnerability
S
CVE-2024-47312 WordPress Classic Editor and Classic Widgets plugin <= 1.4.1 - SQL Injection vulnerability
S
CVE-2024-47313 WordPress Catch Base theme <= 3.4.6 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47314 WordPress Sunshine Photo Cart plugin <= 3.2.8 - Broken Access Control vulnerability
S
CVE-2024-47315 WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 3.15.1 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-47316 WordPress Salon Booking Wordpress Plugin plugin <= 10.9 - Insecure Direct Object References (IDOR) vulnerability
S
CVE-2024-47317 WordPress Ads by WPQuads plugin <= 2.0.84 - Broken Access Control vulnerability
S
CVE-2024-47318 WordPress PWA for WP & AMP plugin <= 1.7.72 - Broken Access Control vulnerability
S
CVE-2024-47319 WordPress Bit Form plugin <= 2.13.10 - Arbitrary File Upload vulnerability
S
CVE-2024-47320 WordPress WS Form LITE plugin <= 1.9.238 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47321 WordPress WP Datepicker plugin <= 2.1.1 - Broken Access Control vulnerability
S
CVE-2024-47322 WordPress WP Timeline plugin <= 3.6.7 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47323 WordPress WP Timeline plugin <= 3.6.7 - Local File Inclusion vulnerability
S
CVE-2024-47324 WordPress WP Timeline plugin <= 3.6.7 - Local File Inclusion vulnerability
S
CVE-2024-47325 WordPress Multiple Page Generator Plugin – MPG plugin <= 3.4.7 - SQL Injection vulnerability
S
CVE-2024-47326 WordPress Share This Image plugin <= 2.01 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47327 WordPress GEO my WP plugin <= 4.5.0.3 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47328 WordPress Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin <= 3.1.2 - SQL Injection vulnerability
S
CVE-2024-47329 WordPress ElementsReady Addons for Elementor plugin <= 6.4.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47330 Broken Access Control vulnerability on multiple WordPress plugins by Supsystic
S
CVE-2024-47331 WordPress Multi Step for Contact Form plugin <= 2.7.7 - Unauthenticated SQL Injection vulnerability
S
CVE-2024-47332 WordPress Sky Addons for Elementor plugin <= 2.5.11 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47333 WordPress Loops & Logic plugin <= 4.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47334 WordPress Zoho Flow for WordPress plugin <= 2.7.1 - SQL Injection vulnerability
S
CVE-2024-47335 WordPress Bit Form plugin <= 2.13.11 - SQL Injection vulnerability
S
CVE-2024-47336 WordPress Terms Descriptions plugin <= 3.4.6 - Cross Site Scripting (XSS) vulnerability
CVE-2024-47337 WordPress Joy Of Text Lite plugin <= 2.3.1 - Broken Access Control vulnerability
CVE-2024-47338 WordPress WPExperts Square For GiveWP plugin <= 1.3 - SQL Injection vulnerability
CVE-2024-47339 WordPress WP Mail Catcher plugin <= 2.1.9 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47340 WordPress ComboBlocks plugin <= 2.2.89 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47341 WordPress WP-DownloadManager plugin <= 1.68.8 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47342 WordPress Accordion plugin <= 2.2.99 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47343 WordPress Mega Elements – Addons for Elementor plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47344 WordPress uListing plugin <= 2.1.5 - Sensitive Data Exposure vulnerability
S
CVE-2024-47345 WordPress Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin <= 4.4.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47346 WordPress Newsletters plugin <= 4.9.9.1 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47347 WordPress Chartify plugin <= 2.7.6 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47348 WordPress Visual CSS Style Editor plugin <= 7.6.4 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47349 WordPress WPMobile.App plugin <= 11.50 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47350 WordPress YITH WooCommerce Ajax Search plugin <= 2.8.0 - SQL Injection vulnerability
S
CVE-2024-47351 WordPress MaxSlider plugin <= 1.2.3 - Local File Inclusion vulnerability
S
CVE-2024-47352 WordPress WP Bulk Delete plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47353 WordPress ElementsReady Addons for Elementor plugin <= 6.4.2 - Open Redirection vulnerability
S
CVE-2024-47354 WordPress Simple Membership After Login Redirection plugin <= 1.6 - Open Redirection vulnerability
S
CVE-2024-47355 WordPress Cozy Blocks plugin <= 2.0.11 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47356 WordPress Create theme <= 2.9.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47357 WordPress Happy Addons for Elementor plugin <= 3.12.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47358 WordPress Popup Maker plugin <= 1.19.2 - Broken Access Control vulnerability
S
CVE-2024-47359 WordPress Depicter plugin <= 3.2.2 - Broken Access Control vulnerability
S
CVE-2024-47360 WordPress BA Book Everything plugin <= 1.6.20 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47361 WordPress Elementor Addon Elements plugin <= 1.13.6 - Broken Access Control vulnerability
S
CVE-2024-47362 WordPress Strong Testimonials plugin <= 3.1.16 - Broken Access Control vulnerability
S
CVE-2024-47363 WordPress Blockspare plugin <= 3.2.4 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47364 WordPress Move Addons for Elementor plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47365 WordPress Automatically Hierarchic Categories in Menu plugin <= 2.0.5 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47366 WordPress Elementor Addon Elements plugin <= 1.13.6 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47367 WordPress YITH WooCommerce Product Add-Ons plugin <= 4.13.0 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47368 WordPress Premium Blocks plugin <= 2.1.33 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47369 WordPress Social Auto Poster plugin <= 5.3.15 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47370 WordPress Author Avatars List/Block plugin <= 2.1.21 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47371 WordPress WP MyLinks plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47372 WordPress TNC PDF viewer plugin <= 3.1.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47373 WordPress LiteSpeed Cache plugin <= 6.5.0.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47374 WordPress LiteSpeed Cache plugin <= 6.5.0.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47375 WordPress XLTab – Accordions and Tabs for Elementor Page Builder plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47376 WordPress Slideshow Gallery LITE plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47377 WordPress BuddyForms plugin <= 2.8.12 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47378 WordPress WPCOM Member plugin <= 1.5.4 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47379 WordPress Web Directory Free plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47380 WordPress WP-Lister Lite for eBay plugin <= 3.6.3 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47381 WordPress Slider & Popup Builder by Depicter plugin <= 3.2.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47382 WordPress Page-list plugin <= 5.6 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47383 WordPress The Pack Elementor addons plugin 2.0.8.8 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47384 WordPress WP Compress plugin <= 6.20.13 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47385 WordPress Essential Blocks plugin <= 4.8.4 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47386 WordPress WP Extended plugin <= 3.0.8 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47387 WordPress Search Atlas SEO plugin <= 1.8.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47388 WordPress SliceWP Affiliates plugin <= 1.1.18 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47389 WordPress NEX-Forms plugin <= 8.7.3 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47390 WordPress Jeg Elementor Kit plugin <= 2.6.8 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47391 WordPress Bold Page Builder plugin < 5.1.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47392 WordPress Element Pack Elementor Addons plugin <= 5.7.5 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47393 WordPress Quill Forms plugin <= 3.7.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47394 WordPress WP JobSearch plugin <= 2.5.9 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47395 WordPress Robokassa payment gateway for Woocommerce plugin <= 1.6.1 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47396 WordPress Move Addons for Elementor plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47397 Weak authentication issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmwar...
CVE-2024-47398 Liteos_a has an out-of-bounds write vulnerability
CVE-2024-47401 DoS via Amplified GraphQL Response in Playbooks
S
CVE-2024-47402 Liteos_a has an Out-of-bounds Read vulnerability
CVE-2024-47404 Liteos_a has a double free vulnerability
CVE-2024-47406 Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authenti...
CVE-2024-47407 mySCADA myPRO OS Command Injection
S
CVE-2024-47408 net/smc: check smcd_v2_ext_offset when receiving proposal msg
CVE-2024-47410 Animate | Stack-based Buffer Overflow (CWE-121)
CVE-2024-47411 Animate | Access of Uninitialized Pointer (CWE-824)
CVE-2024-47412 Animate | Use After Free (CWE-416)
CVE-2024-47413 Animate | Use After Free (CWE-416)
CVE-2024-47414 Animate | Use After Free (CWE-416)
CVE-2024-47415 Animate | Use After Free (CWE-416)
CVE-2024-47416 Animate | Integer Overflow or Wraparound (CWE-190)
CVE-2024-47417 Animate | Heap-based Buffer Overflow (CWE-122)
CVE-2024-47418 Animate | Use After Free (CWE-416)
CVE-2024-47419 Animate | Out-of-bounds Read (CWE-125)
CVE-2024-47420 Animate | Out-of-bounds Read (CWE-125)
CVE-2024-47421 Adobe Framemaker | Out-of-bounds Read (CWE-125)
CVE-2024-47422 Adobe Framemaker | Untrusted Search Path (CWE-426)
CVE-2024-47423 Adobe Framemaker | Unrestricted Upload of File with Dangerous Type (CWE-434)
CVE-2024-47424 Adobe Framemaker | Integer Overflow or Wraparound (CWE-190)
CVE-2024-47425 Adobe Framemaker | Integer Underflow (Wrap or Wraparound) (CWE-191)
CVE-2024-47426 Substance3D - Painter | Double Free (CWE-415)
CVE-2024-47427 Substance3D - Painter | Out-of-bounds Write (CWE-787)
CVE-2024-47428 Substance3D - Painter | Out-of-bounds Write (CWE-787)
CVE-2024-47429 Substance3D - Painter | Out-of-bounds Write (CWE-787)
CVE-2024-47430 Substance3D - Painter | Out-of-bounds Write (CWE-787)
CVE-2024-47431 Substance3D - Painter | Heap-based Buffer Overflow (CWE-122)
CVE-2024-47432 Substance3D - Painter | Out-of-bounds Write (CWE-787)
CVE-2024-47433 Substance3D - Painter | Out-of-bounds Write (CWE-787)
CVE-2024-47434 Substance3D - Painter | Out-of-bounds Write (CWE-787)
CVE-2024-47435 Substance3D - Painter | Out-of-bounds Read (CWE-125)
CVE-2024-47436 Substance3D - Painter | Out-of-bounds Read (CWE-125)
CVE-2024-47437 Substance3D - Painter | Out-of-bounds Read (CWE-125)
CVE-2024-47438 Substance3D - Painter | Write-what-where Condition (CWE-123)
CVE-2024-47439 Substance3D - Painter | NULL Pointer Dereference (CWE-476)
CVE-2024-47440 Substance3D - Painter | Out-of-bounds Read (CWE-125)
CVE-2024-47441 After Effects | Out-of-bounds Write (CWE-787)
CVE-2024-47442 After Effects | Out-of-bounds Write (CWE-787)
CVE-2024-47443 After Effects | Out-of-bounds Write (CWE-787)
CVE-2024-47444 After Effects | Out-of-bounds Read (CWE-125)
CVE-2024-47445 After Effects | Out-of-bounds Read (CWE-125)
CVE-2024-47446 After Effects | Out-of-bounds Read (CWE-125)
CVE-2024-47449 Audition | Out-of-bounds Read (CWE-125)
CVE-2024-47450 Illustrator | Heap-based Buffer Overflow (CWE-122)
CVE-2024-47451 Illustrator | Out-of-bounds Write (CWE-787)
CVE-2024-47452 Illustrator | Out-of-bounds Write (CWE-787)
CVE-2024-47453 Illustrator | Out-of-bounds Read (CWE-125)
CVE-2024-47454 Illustrator | Out-of-bounds Read (CWE-125)
CVE-2024-47455 Illustrator | Out-of-bounds Read (CWE-125)
CVE-2024-47456 Illustrator | Out-of-bounds Read (CWE-125)
CVE-2024-47457 Illustrator | NULL Pointer Dereference (CWE-476)
CVE-2024-47458 Bridge | NULL Pointer Dereference (CWE-476)
CVE-2024-47459 Substance3D - Sampler | NULL Pointer Dereference (CWE-476)
CVE-2024-47460 Unauthenticated Command Injection Vulnerability in the CLI Service Accessed by the PAPI Protocol
CVE-2024-47461 Authenticated Arbitrary Remote Command Execution (RCE) in Instant AOS-8 and AOS-10
CVE-2024-47462 Arbitrary File Creation Vulnerability in Instant AOS-8 and AOS-10 leads to Authenticated Remote Command Execution (RCE)
CVE-2024-47463 Arbitrary File Creation Vulnerability in Instant AOS-8 and AOS-10 leads to Authenticated Remote Command Execution (RCE)
CVE-2024-47464 Authenticated Path Traversal Vulnerability Leads to a Remote Unauthorized Access to Files
CVE-2024-47475 Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an incorrect permission assignment for critic...
CVE-2024-47476 Dell NetWorker Management Console, version(s) 19.11, contain(s) an Improper Verification of Cryptogr...
CVE-2024-47480 Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Befo...
CVE-2024-47481 Dell Data Lakehouse, version(s) 1.0.0.0, 1.1.0., contain(s) an Improper Access Control vulnerability...
CVE-2024-47483 Dell Data Lakehouse, version(s) 1.0.0.0 and 1.1.0.0, contain(s) an Improper Neutralization of Specia...
CVE-2024-47484 Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an S...
CVE-2024-47485 There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an att...
CVE-2024-47486 There is an XSS vulnerability in some HikCentral Master Lite versions. If exploited, an attacker cou...
CVE-2024-47487 There is a SQL injection vulnerability in some HikCentral Professional versions. This could allow an...
CVE-2024-47489 Junos OS Evolved: ACX Series: Receipt of specific transit protocol packets is incorrectly processed by the RE
S
CVE-2024-47490 Junos OS Evolved: ACX 7000 Series: Receipt of specific transit MPLS packets causes resources to be exhausted
S
CVE-2024-47491 Junos OS and Junos OS Evolved: Receipt of a specific malformed BGP path attribute leads to an RPD crash
S
CVE-2024-47493 Junos OS: MX Series: Trio-based FPCs: Continuous physical Interface flaps causes local FPC to crash
S
CVE-2024-47494 Junos OS: Due to a race condition AgentD process causes a memory corruption and FPC reset
S
CVE-2024-47495 Junos OS Evolved: In a dual-RE scenario a locally authenticated attacker with shell privileges can take over the device.
S
CVE-2024-47496 Junos OS: MX Series: The PFE will crash on running specific command
S
CVE-2024-47497 Junos OS: SRX Series, QFX Series, MX Series and EX Series: Receiving specific HTTPS traffic causes resource exhaustion
S
CVE-2024-47498 Junos OS Evolved: QFX5000 Series: Configured MAC learning and move limits are not in effect
S
CVE-2024-47499 Junos OS and Junos OS Evolved: In a BMP scenario receipt of a malformed AS PATH attribute can cause an RPD crash
S
CVE-2024-47501 Junos OS: MX304, MX with MPC10/11/LC9600, and EX9200 with EX9200-15C: In a VPLS or Junos Fusion scenario specific show commands cause FPCs to crash
S
CVE-2024-47502 Junos OS Evolved: TCP session state is not always cleared on the Routing Engine leading to DoS
S
CVE-2024-47503 Junos OS: SRX4600 and SRX5000 Series: Sequence of specific PIM packets causes a flowd crash
S
CVE-2024-47504 Junos OS: SRX5000 Series: Receipt of a specific malformed packet will cause a flowd crash
S
CVE-2024-47505 Junos OS Evolved: Specific low privileged CLI commands and SNMP GET requests can trigger a resource leak #1
S
CVE-2024-47506 Junos OS: SRX Series: A large amount of traffic being processed by ATP Cloud can lead to a PFE crash
S
CVE-2024-47507 Junos OS and Junos OS Evolved: BGP update message containing aggregator attribute with an ASN value of zero (0) is accepted
S
CVE-2024-47508 Junos OS Evolved: Specific low privileged CLI commands and SNMP GET requests can trigger a resource leak #2
S
CVE-2024-47509 Junos OS Evolved: Specific low privileged CLI commands and SNMP GET requests can trigger a resource leak #3
S
CVE-2024-47515 Pagure: generate_archive() follows symbolic links in temporary clones
CVE-2024-47516 Pagure: argument injection in pagurerepo.log()
CVE-2024-47517 Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access
S
CVE-2024-47518 Specially constructed queries targeting ETM could discover active remote access sessions
S
CVE-2024-47519 Backup uploads to ETM subject to man-in-the-middle interception
S
CVE-2024-47520 A user with advanced report application access rights can perform actions for which they are not authorized
S
CVE-2024-47522 Suricata ja4: invalid alpn leads to panic
M
CVE-2024-47523 LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Transports" feature
E S
CVE-2024-47524 LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name
E S
CVE-2024-47525 Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-alert-rules.php
E S
CVE-2024-47526 LibreNMS has a Self-XSS ('Cross-site Scripting') in librenms/includes/html/modal/alert_template.inc.php
E S
CVE-2024-47527 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device-dependencies.inc.php
E
CVE-2024-47528 LibreNMS Contains a Stored XSS via File Upload
E S
CVE-2024-47529 OpenC3 COSMOS uses clear text storage of password/token (`GHSL-2024-129`)
E S
CVE-2024-47530 Scout contains an Open Redirect on Login via `next`
E S
CVE-2024-47531 Scout contains insufficient output escaping of attachment names
E S
CVE-2024-47532 RestrictedPython information leakage via `AttributeError.obj` and the `string` module
E S
CVE-2024-47533 Cobbler allows anyone to connect to cobbler XML-RPC server with a known password and make changes
CVE-2024-47534 Incorrect delegation lookups can make go-tuf download the wrong artifact
CVE-2024-47535 Denial of Service attack on windows app using Netty
CVE-2024-47536 starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field
CVE-2024-47537 GHSL-2024-094: GStreamer has an OOB-write in isomp4/qtdemux.c
S
CVE-2024-47538 GHSL-2024-115: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet
S
CVE-2024-47539 GHSL-2024-195: GStreamer has an OOB-write in convert_to_s334_1a
S
CVE-2024-47540 GHSL-2024-197: GStreamer uses uninitialized stack memory in Matroska/WebM demuxer
S
CVE-2024-47541 GHSL-2024-228: GStreamer has an out-of-bounds write in SSA subtitle parser
E S
CVE-2024-47542 GHSL-2024-235: GStreamer ID3v2 parser out-of-bounds read and NULL-pointer dereference
E S
CVE-2024-47543 GHSL-2024-236: GStreamer has an OOB-read in qtdemux_parse_container
S
CVE-2024-47544 GHSL-2024-238: GStreamer has NULL-pointer dereferences in MP4/MOV demuxer CENC handling
S
CVE-2024-47545 GHSL-2024-242: GStreamer has an integer underflow in FOURCC_strf parsing leading to OOB-read
S
CVE-2024-47546 GHSL-2024-243: GStreamer has an integer underflow in extract_cc_from_data leading to OOB-read
S
CVE-2024-47547 Ruijie Reyee OS Weak Password Recovery Mechanism for Forgotten Password
S
CVE-2024-47549 Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow con...
CVE-2024-47550 Incorrect default permissions for some Endurance Gaming Mode software installers may allow an authen...
CVE-2024-47552 Apache Seata (incubating): Deserialization of untrusted Data in jraft mode in Apache Seata Server
CVE-2024-47553 A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The a...
S
CVE-2024-47554 Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader
CVE-2024-47555 Missing Authentication - User & System Configuration
CVE-2024-47556 Pre-Auth RCE via Path Traversal
CVE-2024-47557 Pre-Auth RCE via Path Traversal
CVE-2024-47558 Authenticated RCE via Path Traversal
CVE-2024-47559 Authenticated RCE via Path Traversal
CVE-2024-47560 RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. If this...
CVE-2024-47561 Apache Avro Java SDK: Arbitrary Code Execution when reading Avro schema (Java SDK)
CVE-2024-47562 A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The a...
CVE-2024-47563 A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The a...
CVE-2024-47565 A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The a...
CVE-2024-47566 An improper limitation of a pathname to a restricted directory ('path traversal') [CWE-23] in Fortine...
S
CVE-2024-47571 An operation on a resource after expiration or release in Fortinet FortiManager 6.4.12 through 7.4.0...
S
CVE-2024-47572 An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through 7.4...
S
CVE-2024-47573 An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 an...
S
CVE-2024-47574 An authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7....
S
CVE-2024-47575 A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4...
KEV E S
CVE-2024-47576 DLL Hijacking vulnerability in SAP Product Lifecycle Costing
CVE-2024-47577 Information Disclosure vulnerability in SAP Commerce Cloud
CVE-2024-47578 Multiple vulnerabilities in SAP NetWeaver AS for JAVA(Adobe Document Services)
CVE-2024-47579 Multiple vulnerabilities in SAP NetWeaver AS for JAVA(Adobe Document Services)
CVE-2024-47580 Multiple vulnerabilities in SAP NetWeaver AS for JAVA(Adobe Document Services)
CVE-2024-47581 Missing Authorization check in SAP HCM (Approve Timesheets version 4)
CVE-2024-47582 XML Entity Expansion Vulnerability in SAP NetWeaver AS JAVA
CVE-2024-47585 Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform
CVE-2024-47586 NULL Pointer Dereference vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform
CVE-2024-47587 Missing authorization check in SAP Cash Management (Cash Operations)
CVE-2024-47588 Information Disclosure vulnerability in SAP NetWeaver Java (Software Update Manager)
CVE-2024-47590 Cross-Site Scripting (XSS) vulnerability in SAP Web Dispatcher
CVE-2024-47592 Information Disclosure Vulnerability in SAP NetWeaver Application Server Java (Logon Application)
CVE-2024-47593 Information Disclosure Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform
CVE-2024-47594 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal (KMC)
CVE-2024-47595 Local Privilege Escalation in SAP Host Agent
CVE-2024-47596 GHSL-2024-244: GStreamer has an OOB-read in FOURCC_SMI_ parsing
S
CVE-2024-47597 GHSL-2024-245: GStreamer has an OOB-read in qtdemux_parse_samples
S
CVE-2024-47598 GHSL-2024-246: GStreamer has an OOB-read in qtdemux_merge_sample_table
S
CVE-2024-47599 GHSL-2024-247: GStreamer Insufficient error handling in JPEG decoder that can lead to NULL-pointer dereferences
S
CVE-2024-47600 GHSL-2024-248: GStreamer has an OOB-read in format_channel_mask
S
CVE-2024-47601 GHSL-2024-249: GStreamer has a NULL-pointer dereference in Matroska/WebM demuxer
S
CVE-2024-47602 GHSL-2024-250: GStreamer NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer
S
CVE-2024-47603 GHSL-2024-251: GStreamer NULL-pointer dereference in Matroska/WebM demuxer
S
CVE-2024-47604 XSS vulnerability in NuGetGallery HTML attributes handling
S
CVE-2024-47605 Cross-site Scripting via insert media remote file oembed in silverstripe-asset-admin
CVE-2024-47606 GHSL-2024-166: GStreamer Integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes
S
CVE-2024-47607 GHSL-2024-116: Stack-buffer overflow in gst_opus_dec_parse_header
S
CVE-2024-47608 Logicytics vulnerable to shell injections
CVE-2024-47609 Remotely exploitable DoS in Tonic `<=v0.12.2`
CVE-2024-47610 Stored Cross-site Scripting Vulnerability in Markdown Editor
CVE-2024-47611 XZ Utils on Microsoft Windows platform are vulnerable to argument injection
CVE-2024-47612 XSS in Special:DataDump when displaying dump status
CVE-2024-47613 GHSL-2024-118: GStreamer has a null pointer dereference in gst_gdk_pixbuf_dec_flush
S
CVE-2024-47614 async-graphql vulnerable to Directive Overload
CVE-2024-47615 GHSL-2024-117: GStreamer has an out-of-bounds write in Ogg demuxer
S
CVE-2024-47616 Pomerium's service account access token may grant unintended access to databroker API
CVE-2024-47617 Reflected XSS Vulnerability in Sulu Media Bundle
S
CVE-2024-47618 Sulu vulnerable to XSS via uploaded SVG
S
CVE-2024-47619 transport: TLS host name wildcard matching too lax
E
CVE-2024-47621 WordPress Zotpress plugin <= 7.3.10 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47622 WordPress Advanced Woo Labels plugin <= 2.01 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47623 WordPress Gallery Lightbox plugin <= 1.0.0.39 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47624 WordPress BSK Forms Blacklist plugin <= 3.8.1 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47625 WordPress Enter Addons – Ultimate Template Builder for Elementor plugin <= 2.1.8 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47626 WordPress RomethemeKit For Elementor plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47627 WordPress WP Travel Gutenberg Blocks plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47628 WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.9.3 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47629 WordPress Ultimate Store Kit Elementor Addons plugin <= 2.0.5 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47630 WordPress ElementInvader Addons for Elementor plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47631 WordPress Logo Carousel – Clients logo carousel for WP plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47632 WordPress DethemeKit For Elementor plugin <= 2.1.7 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47633 WordPress Zoho forms plugin <= 4.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47634 WordPress CartBounty plugin <= 8.2 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-47635 WordPress TinyPNG plugin <= 3.4.3 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-47636 WordPress WP JobSearch plugin <= 2.5.9 - PHP Object Injection vulnerability
S
CVE-2024-47637 WordPress LiteSpeed Cache plugin <= 6.4.1 - Path Traversal vulnerability
S
CVE-2024-47638 WordPress Online Booking & Scheduling Calendar for WordPress plugin <= 4.4.6 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-47639 WordPress VdoCipher plugin <= 1.29 - Cross Site Scripting (XSS) vulnerability
CVE-2024-47640 WordPress WP ERP plugin <= 1.13.2 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47641 WordPress Confetti Fall Animation plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-47642 WordPress Keap Official Opt-in Forms plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-47643 WordPress Include Fussball.de Widgets plugin <= 4.0.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-47644 WordPress Copyscape Premium plugin <= 1.3.6 - CSRF to Stored Cross-Site Scripting vulnerability
CVE-2024-47645 WordPress WPOptin plugin <= 2.0.1 - Local File Inclusion vulnerability
S
CVE-2024-47646 WordPress Payflex Payment Gateway plugin <= 2.6.1 - Open Redirection vulnerability
CVE-2024-47647 WordPress FAQ / Accordion / Docs – Helpie WordPress FAQ Accordion plugin plugin <= 1.27 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-47648 WordPress EventPrime plugin <= 4.0.4.5 - Open Redirection vulnerability
S
CVE-2024-47649 WordPress Iconize plugin <= 1.2.4 - Remote Code Execution (RCE) vulnerability
CVE-2024-47650 WordPress WP-WebAuthn plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-47651 Parameter Pollution Vulnerability
S
CVE-2024-47652 Insecure Authentication Vulnerability
S
CVE-2024-47653 Missing Authorization Vulnerability
S
CVE-2024-47654 No Rate Limiting vulnerability
S
CVE-2024-47655 Unrestricted File Upload Vulnerability
S
CVE-2024-47656 User Enumeration vulnerability
S
CVE-2024-47657 Improper Access Control Vulnerability
S
CVE-2024-47658 crypto: stm32/cryp - call finalize with bh disabled
S
CVE-2024-47659 smack: tcp: ipv4, fix incorrect labeling
S
CVE-2024-47660 fsnotify: clear PARENT_WATCHED flags lazily
S
CVE-2024-47661 drm/amd/display: Avoid overflow from uint32_t to uint8_t
S
CVE-2024-47662 drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection
S
CVE-2024-47663 staging: iio: frequency: ad9834: Validate frequency parameter value
S
CVE-2024-47664 spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware
S
CVE-2024-47665 i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup
S
CVE-2024-47666 scsi: pm80xx: Set phy->enable_completion only when we wait for it
S
CVE-2024-47667 PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)
S
CVE-2024-47668 lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()
S
CVE-2024-47669 nilfs2: fix state management in error path of log writing function
S
CVE-2024-47670 ocfs2: add bounds checking to ocfs2_xattr_find_entry()
S
CVE-2024-47671 USB: usbtmc: prevent kernel-usb-infoleak
S
CVE-2024-47672 wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead
S
CVE-2024-47673 wifi: iwlwifi: mvm: pause TCM when the firmware is stopped
S
CVE-2024-47674 mm: avoid leaving partial pfn mappings around in error case
S
CVE-2024-47675 bpf: Fix use-after-free in bpf_uprobe_multi_link_attach()
S
CVE-2024-47676 mm/hugetlb.c: fix UAF of vma in hugetlb fault pathway
S
CVE-2024-47677 exfat: resolve memory leak from exfat_create_upcase_table()
S
CVE-2024-47678 icmp: change the order of rate limits
S
CVE-2024-47679 vfs: fix race between evict_inodes() and find_inode()&iput()
S
CVE-2024-47680 f2fs: check discard support for conventional zones
S
CVE-2024-47681 wifi: mt76: mt7996: fix NULL pointer dereference in mt7996_mcu_sta_bfer_he
S
CVE-2024-47682 scsi: sd: Fix off-by-one error in sd_read_block_characteristics()
S
CVE-2024-47683 drm/amd/display: Skip Recompute DSC Params if no Stream on Link
S
CVE-2024-47684 tcp: check skb is non-NULL in tcp_rto_delta_us()
S
CVE-2024-47685 netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()
S
CVE-2024-47686 ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate()
S
CVE-2024-47687 vdpa/mlx5: Fix invalid mr resource destroy
S
CVE-2024-47688 driver core: Fix a potential null-ptr-deref in module_add_driver()
S
CVE-2024-47689 f2fs: fix to don't set SB_RDONLY in f2fs_handle_critical_error()
S
CVE-2024-47690 f2fs: get rid of online repair on corrupted directory
S
CVE-2024-47691 f2fs: fix to avoid use-after-free in f2fs_stop_gc_thread()
S
CVE-2024-47692 nfsd: return -EINVAL when namelen is 0
S
CVE-2024-47693 IB/core: Fix ib_cache_setup_one error flow cleanup
S
CVE-2024-47694 IB/mlx5: Fix UMR pd cleanup on error flow of driver init
S
CVE-2024-47695 RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds
S
CVE-2024-47696 RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency
S
CVE-2024-47697 drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error
S
CVE-2024-47698 drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error
S
CVE-2024-47699 nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()
S
CVE-2024-47700 ext4: check stripe size compatibility on remount as well
S
CVE-2024-47701 ext4: avoid OOB when system.data xattr changes underneath the filesystem
S
CVE-2024-47702 bpf: Fail verification for sign-extension of packet data/data_end/data_meta
S
CVE-2024-47703 bpf, lsm: Add check for BPF LSM return value
S
CVE-2024-47704 drm/amd/display: Check link_res->hpo_dp_link_enc before using it
S
CVE-2024-47705 block: fix potential invalid pointer dereference in blk_add_partition
S
CVE-2024-47706 block, bfq: fix possible UAF for bfqq->bic with merge chain
S
CVE-2024-47707 ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()
S
CVE-2024-47708 netkit: Assign missing bpf_net_context
S
CVE-2024-47709 can: bcm: Clear bo->bcm_proc_read after remove_proc_entry().
S
CVE-2024-47710 sock_map: Add a cond_resched() in sock_hash_free()
S
CVE-2024-47711 af_unix: Don't return OOB skb in manage_oob().
S
CVE-2024-47712 wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param
S
CVE-2024-47713 wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()
S
CVE-2024-47714 wifi: mt76: mt7996: use hweight16 to get correct tx antenna
S
CVE-2024-47715 wifi: mt76: mt7915: fix oops on non-dbdc mt7986
S
CVE-2024-47716 ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros
S
CVE-2024-47717 RISC-V: KVM: Don't zero-out PMU snapshot area before freeing data
S
CVE-2024-47718 wifi: rtw88: always wait for both firmware loading attempts
S
CVE-2024-47719 iommufd: Protect against overflow of ALIGN() during iova allocation
S
CVE-2024-47720 drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func
S
CVE-2024-47721 wifi: rtw89: remove unused C2H event ID RTW89_MAC_C2H_FUNC_READ_WOW_CAM to prevent out-of-bounds reading
S
CVE-2024-47722 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-47723 jfs: fix out-of-bounds in dbNextAG() and diAlloc()
S
CVE-2024-47724 wifi: ath11k: use work queue to process beacon tx event
S
CVE-2024-47725 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-47726 f2fs: fix to wait dio completion
S
CVE-2024-47727 x86/tdx: Fix "in-kernel MMIO" check
S
CVE-2024-47728 bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error
S
CVE-2024-47729 drm/xe: Use reserved copy engine for user binds on faulting devices
S
CVE-2024-47730 crypto: hisilicon/qm - inject error before stopping queue
S
CVE-2024-47731 drivers/perf: Fix ali_drw_pmu driver interrupt status clearing
S
CVE-2024-47732 crypto: iaa - Fix potential use after free bug
S
CVE-2024-47733 netfs: Delete subtree of 'fs/netfs' when netfs module exits
S
CVE-2024-47734 bonding: Fix unnecessary warnings and logs from bond_xdp_get_xmit_slave()
S
CVE-2024-47735 RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled
S
CVE-2024-47736 erofs: handle overlapped pclusters out of crafted images properly
S
CVE-2024-47737 nfsd: call cache_put if xdr_reserve_space returns NULL
S
CVE-2024-47738 wifi: mac80211: don't use rate mask for offchannel TX either
S
CVE-2024-47739 padata: use integer wrap around to prevent deadlock on seq_nr overflow
S
CVE-2024-47740 f2fs: Require FMODE_WRITE for atomic write ioctls
CVE-2024-47741 btrfs: fix race setting file private on concurrent lseek using same fd
S
CVE-2024-47742 firmware_loader: Block path traversal
S
CVE-2024-47743 KEYS: prevent NULL pointer dereference in find_asymmetric_key()
S
CVE-2024-47744 KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock
S
CVE-2024-47745 mm: call the security_mmap_file() LSM hook in remap_file_pages()
S
CVE-2024-47746 fuse: use exclusive lock when FUSE_I_CACHE_IO_MODE is set
S
CVE-2024-47747 net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition
S
CVE-2024-47748 vhost_vdpa: assign irq bypass producer token correctly
S
CVE-2024-47749 RDMA/cxgb4: Added NULL check for lookup_atid
S
CVE-2024-47750 RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08
S
CVE-2024-47751 PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port()
S
CVE-2024-47752 media: mediatek: vcodec: Fix H264 stateless decoder smatch warning
S
CVE-2024-47753 media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning
S
CVE-2024-47754 media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning
S
CVE-2024-47755 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-47756 PCI: keystone: Fix if-statement expression in ks_pcie_quirk()
S
CVE-2024-47757 nilfs2: fix potential oob read in nilfs_btree_check_delete()
S
CVE-2024-47758 GLPI vulnerable to account takeover without privilege escalation through the API
CVE-2024-47759 GLPI has a stored XSS via document upload
CVE-2024-47760 GLPI vulnerable to account takeover via API
CVE-2024-47761 GLPI vulnerable to account takeover via the password reset feature
CVE-2024-47762 Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend
CVE-2024-47763 Wasmtime runtime crash when combining tail calls with trapping imports
CVE-2024-47764 cookie accepts cookie name, path, and domain with out of bounds characters
CVE-2024-47765 Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS
S
CVE-2024-47766 Permissions are incorrectly verified for project administrators in the cross tracker search widget
E S
CVE-2024-47767 Tuleap lists trackers in the quick add actions of the backlog without any permissions check
E S
CVE-2024-47768 Lif Authentication Server Has No Auth Check When Updating Password In Account Recovery
S
CVE-2024-47769 IDURAR has a Path Traversal (unauthenticated user can read sensitive data)
E S
CVE-2024-47770 Ability to view Agent list with no privilege access in wazuh-dashboard
E
CVE-2024-47771 Element Desktop vulnerable to potential exposure of access token via authenticated media
CVE-2024-47772 Cross-site Scripting (XSS) via chat excerpts when content security policy (CSP) disabled in Discourse
M
CVE-2024-47773 Anonymous cache poisoning via XHR requests in Discourse
CVE-2024-47774 GHSL-2024-262: GStreamer has an OOB-read in gst_avi_subtitle_parse_gab2_chunk
S
CVE-2024-47775 GHSL-2024-261: GStreamer has an OOB-read in parse_ds64
S
CVE-2024-47776 GHSL-2024-260: GStreamer has an OOB-read in gst_wavparse_cue_chunk
S
CVE-2024-47777 GHSL-2024-259: GStreamer has an OOB-read in gst_wavparse_smpl_chunk
S
CVE-2024-47778 GHSL-2024-258: GStreamer has an OOB-read in gst_wavparse_adtl_chunk
S
CVE-2024-47779 Element Web vulnerable to potential exposure of access token via authenticated media
CVE-2024-47780 Information Disclosure in TYPO3 Page Tree
CVE-2024-47781 Cross-site Scripting (XSS) in Special:RequestWikiQueue when displaying sitename in CreateWiki
S
CVE-2024-47782 Cross-site Scripting (XSS) in Special:WikiDiscover when displaying wiki information in WikiDiscover
S
CVE-2024-47783 A vulnerability has been identified in SIPORT (All versions < V3.4.0). The affected application impr...
CVE-2024-47784 Unverified Password Change
CVE-2024-47789 Credential Leakage Vulnerability
S
CVE-2024-47790 Missing Authorization Vulnerability
S
CVE-2024-47791 Ruijie Reyee OS Improper Neutralization of Wildcards or Matching Symbols
S
CVE-2024-47793 Stored cross-site scripting vulnerability exists in Exment v6.1.4 and earlier and Exment v5.0.11 and...
CVE-2024-47794 bpf: Prevent tailcall infinite loop caused by freplace
CVE-2024-47795 Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler software before version 2025.0....
CVE-2024-47796 An improper array index validation vulnerability exists in the nowindow functionality of OFFIS DCMTK...
CVE-2024-47797 Liteos_a has an out-of-bounds Write vulnerability
CVE-2024-47799 Exposure of sensitive system information to an unauthorized control sphere issue exists in Mesh Wi-F...
CVE-2024-47800 Uncontrolled search path for some Intel(R) Graphics Driver software may allow an authenticated user ...
CVE-2024-47801 Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a refl...
CVE-2024-47803 Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error...
CVE-2024-47804 If an attempt is made to create an item of a type prohibited by `ACL#hasCreatePermission2` or `TopLe...
CVE-2024-47805 Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, except 1371.1373.v4eb_fa_b_7161e9, does...
CVE-2024-47806 Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `au...
CVE-2024-47807 Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `is...
CVE-2024-47808 A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1). The affected application...
S
CVE-2024-47809 dlm: fix possible lkb_resource null dereference
S
CVE-2024-47810 A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page objec...
CVE-2024-47812 Cross-site Scripting (XSS) on Special:RequestImportQueue when displaying request date in ImportDump
CVE-2024-47813 Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations
CVE-2024-47814 use-after-free when closing buffers in Vim
CVE-2024-47815 Cross-site Scripting in IncidentReporting
CVE-2024-47816 Users can impersonate import requesters if their actor IDs coincide in ImportDump
CVE-2024-47817 Unvalidated paragraph widget values can be used for Cross-site Scripting in lara-zeus
CVE-2024-47818 Logged-in users with any role can delete arbitrary files in @saltcorn/server
CVE-2024-47819 Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section
CVE-2024-47820 MarkUs vulnerable to Path Traversal
CVE-2024-47821 pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API
E
CVE-2024-47822 Directus inserts access token from query string into logs
E
CVE-2024-47823 Livewire Remote Code Execution (RCE) on File Uploads
E S
CVE-2024-47824 Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room
CVE-2024-47825 CIDR deny policies may not take effect when a more narrow CIDR allow is present
CVE-2024-47826 eLabFTW vulnerable to HTML Injection in extended search error message
CVE-2024-47827 Argo Workflows Controller: Denial of Service via malicious daemon Workflows
S
CVE-2024-47828 Cross-Site Request Forgery in ampache
E
CVE-2024-47829 pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting
CVE-2024-47830 Plane allows server side request forgery via /_next/image endpoint
E S
CVE-2024-47831 Next.js image optimization has Denial of Service condition
S
CVE-2024-47832 XML Signature Bypass via differential XML parsing in ssoready
S
CVE-2024-47833 Session Cookie without Secure and HTTPOnly flags in taipy
E
CVE-2024-47834 GHSL-2024-280: Gstreamer Use-After-Free read in Matroska CodecPrivate
S
CVE-2024-47835 GHSL-2024-263: Gstreamer NULL-pointer dereference in LRC subtitle parser
S
CVE-2024-47836 Admidio vulnerable to HTML Injection In The Messages Section
CVE-2024-47840 Stored XSS through sidebar in Apex skin
E S
CVE-2024-47841 Path traversal when loading stylesheets
E S
CVE-2024-47845 CSS sanitizer used incorrectly, and is easily bypassed
E S
CVE-2024-47846 Special:DeleteCargoTable and Special:SwitchCargoTable have no CSRF protection
E S
CVE-2024-47847 Various XSSes found in Cargo
E S
CVE-2024-47848 User can review/unreview articles while blocked
CVE-2024-47849 Backticks can allow the usage of not-allowed SQL functions
E S
CVE-2024-47850 CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port i...
CVE-2024-47854 An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker ...
CVE-2024-47855 util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string....
CVE-2024-47857 SSH Communication Security PrivX versions between 18.0-36.0 implement insufficient validation on pub...
CVE-2024-47863 An issue was discovered in Centreon Web 24.10.x before 24.10.0, 24.04.x before 24.04.8, 23.10.x befo...
CVE-2024-47864 home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain a buffer overflow vulnerability...
CVE-2024-47865 Missing authentication for critical function vulnerability exists in Rakuten Turbo 5G firmware versi...
CVE-2024-47867 Lack of integrity check on the downloaded FRP client in Gradio
CVE-2024-47868 Several components’ post-process steps may allow arbitrary file leaks in Gradio
E
CVE-2024-47869 Non-constant-time comparison when comparing hashes in Gradio
CVE-2024-47870 Race condition in update_root_in_config may redirect user traffic in Gradio
CVE-2024-47871 Insecure communication between the FRP client and server in Gradio
CVE-2024-47872 Cross-site Scripting on Gradio server via upload of HTML files, JS files, or SVG files
CVE-2024-47873 PhpSpreadsheet XmlScanner bypass leads to XXE
E
CVE-2024-47874 Starlette Denial of service (DoS) via multipart/form-data
CVE-2024-47875 DOMPurify nesting-based mXSS
CVE-2024-47876 Sakai: Kernel users created with type roleview can login as a normal user
CVE-2024-47877 Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory.
S
CVE-2024-47878 Reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt)
E S
CVE-2024-47879 OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF)
E S
CVE-2024-47880 OpenRefine has a reflected cross-site scripting vulnerability from POST request in ExportRowsCommand
E S
CVE-2024-47881 OpenRefine's SQLite integration allows filesystem access, remote code execution (RCE)
E S
CVE-2024-47882 OpenRefine's error page lacks escaping, leading to potential Cross-site Scripting on import of malicious project
E S
CVE-2024-47883 Butterfly has path/URL confusion in resource handling leading to multiple weaknesses
E S
CVE-2024-47884 Insecure Temporary File in `foxmarks`
CVE-2024-47885 astro's client-side router has DOM Clobbering Gadget that leads to XSS
CVE-2024-47887 Action Controller has possible ReDoS vulnerability in HTTP Token authentication
CVE-2024-47888 Action Text has possible ReDoS vulnerability in plain_text_for_blockquote_node
CVE-2024-47889 Action Mailer has possible ReDoS vulnerability in block_format
CVE-2024-47891 GPU DDK - Exploitable double free on PTL_STREAM_DESC object in the kernel function TLServerCloseStreamKM due to a race condition
CVE-2024-47892 GPU DDK - UAF of kernel memory in PMRUnlockPhysAddressesOSMem for on-demand non-4KB PMRs in system memory (UMA)
CVE-2024-47893 GPU DDK - OOB read and write of the shared KMD/FW memory heap (VZ/TEE setups)
CVE-2024-47894 GPU DDK - Out of bounds read into fwlog due to unchecked loop bounds
CVE-2024-47895 GPU DDK - OOB read into fwlog due to unchecked block count
CVE-2024-47896 GPU DDK - rgxfw_hwr_log_info OOB write via psHWRInfoBuf->ui32WriteIndex
CVE-2024-47897 GPU DDK - PVRSRVRGXGetEnabledHWPerfBlocksKM off-by-one OOB write
CVE-2024-47898 GPU DDK - PVRSRVDeviceSyncOpen use-after-free condition
CVE-2024-47899 GPU DDK - PVRSRVDeviceServicesOpen use-after-free condition
CVE-2024-47900 GPU DDK - Multiple integer overflow in DmaTransfer PMR_DevPhysAddr functions leading to OOB writes
CVE-2024-47901 A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12)...
CVE-2024-47902 A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12)...
CVE-2024-47903 A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12)...
CVE-2024-47904 A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12)...
CVE-2024-47905 A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Sec...
CVE-2024-47906 Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1R...
CVE-2024-47907 A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a rem...
CVE-2024-47908 OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote aut...
CVE-2024-47909 A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Sec...
CVE-2024-47910 An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube ...
CVE-2024-47911 In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability was discovered in the author...
CVE-2024-47912 A vulnerability in the AWV (Audio, Web, and Video) Conferencing component of Mitel MiCollab through ...
CVE-2024-47913 An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x ...
CVE-2024-47914 VaeMendis - CWE-352: Cross-Site Request Forgery (CSRF)
S
CVE-2024-47915 VaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
S
CVE-2024-47916 Boa web server - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
S
CVE-2024-47917 Mobotix - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
S
CVE-2024-47918 Tiki Wiki CMS – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
S
CVE-2024-47919 Tiki Wiki CMS – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
S
CVE-2024-47920 Tiki Wiki CMS – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
S
CVE-2024-47921 Smadar SPS – CWE-327: Use of a Broken or Risky Cryptographic Algorithm
S
CVE-2024-47922 Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
S
CVE-2024-47923 Mashov – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
S
CVE-2024-47924 Boa web server – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
S
CVE-2024-47925 Tecnick TCExam – Multiple CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
S
CVE-2024-47926 Tecnick TCExam – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
S
CVE-2024-47934 TXOne Networks Portable Inspector Management Program Improper Input Validation Vulnerability
CVE-2024-47935 TXOne Networks StellarProtect (Legacy Mode), StellarEnforce, and Safe Lock Improper Validation of Integrity Check Value Vulnerability
CVE-2024-47939 Stack-based buffer overflow vulnerability exists in multiple laser printers and MFPs which implement...
CVE-2024-47940 A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affec...
CVE-2024-47941 A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affec...
CVE-2024-47942 A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affec...
CVE-2024-47943 Improper signature verification of firmware upgrade files
S
CVE-2024-47944 Missing Protection Mechanism for Alternate Hardware Interface
S
CVE-2024-47945 Predictable Session ID
E S
CVE-2024-47946 OS Command Execution through Arbitrary File Upload
S
CVE-2024-47947 Stored cross site scripting
S
CVE-2024-47948 In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible...
CVE-2024-47949 In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary locatio...
CVE-2024-47950 In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings...
CVE-2024-47951 In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings...
CVE-2024-47962 Stack-based Buffer Overflow vulnerability in Delta Electronics CNCSoft-G2
S
CVE-2024-47963 Out-of-bounds Write vulnerability in Delta Electronics CNCSoft-G2
S
CVE-2024-47964 Heap-based Buffer Overflow vulnerability in Delta Electronics CNCSoft-G2
S
CVE-2024-47965 Out-of-bounds Read vulnerability in Delta Electronics CNCSoft-G2
S
CVE-2024-47966 Use of Uninitialized Variable vulnerability in Delta Electronics CNCSoft-G2
S
CVE-2024-47967 Improper resource initialization handling in firmware of some Solidigm DC Products may allow an atta...
CVE-2024-47968 Improper resource shutdown in middle of certain operations on some Solidigm DC Products may allow an...
CVE-2024-47969 Improper resource management in firmware of some Solidigm DC Products may allow an attacker to poten...
CVE-2024-47971 Improper error handling in firmware of some SSD DC Products may allow an attacker to enable denial o...
CVE-2024-47972 Improper resource management in firmware of some Solidigm DC Products may allow an attacker to poten...
CVE-2024-47973 In some Solidigm DC Products, a defect in device overprovisioning may provide information disclosure...
CVE-2024-47974 Race condition during resource shutdown in some Solidigm DC Products may allow an attacker to potent...
CVE-2024-47975 Improper access control validation in firmware of some Solidigm DC Products may allow an attacker wi...
CVE-2024-47976 Improper access removal handling in firmware of some Solidigm DC Products may allow an attacker with...
CVE-2024-47977 Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an S...
CVE-2024-47978 Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Execution with Unnecessary Privileges vulnerabili...
CVE-2024-47984 Dell RecoverPoint for Virtual Machines 6.0.x contains Denial of Service vulnerability. A User with R...
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.